Malware encrypts files on the victim's computer using WinRAR

Doctor Web experts warn of a new campaign by cybercriminals to distribute a Trojan. According to the experts, the Trojan, ArchiveLock, is distributed through attacks on the RDP protocol. Once on a victim's computer, the malware copies the console version of WinRAR to a local folder, empties the Recycle Bin, deletes backup copies, and builds a list of files to encrypt. It then places these files in a password-protected archive and deletes the originals with a special utility.
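One way to flag the archiving step described above in process-creation logs, as an added example that is not from the original article or from Doctor Web. The event fields, the expected install directory, the sample events, and the reliance on RAR's `-p`/`-hp` password switches and `@listfile` input are assumptions; the article does not give the Trojan's actual command line.

```python
import re
from pathlib import PureWindowsPath

# Assumption: where a legitimately installed archiver normally lives.
EXPECTED_DIRS = (r"c:\program files",)
ARCHIVER_NAMES = {"rar.exe"}  # console WinRAR binary; a renamed copy evades this
# RAR password switches -p<pwd> / -hp<pwd>; "-p-" (do not ask) is excluded.
PASSWORD_SWITCH = re.compile(r"(?:^|\s)-(?:hp|p)(?!-(?:\s|$))\S*", re.I)
LIST_FILE_ARG = re.compile(r"(?:^|\s)@\S+")  # RAR reads file names from @listfile

# Constructed process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\WinRAR\Rar.exe",
     "cmdline": r"Rar.exe a D:\backup\docs.rar D:\docs"},
    {"host": "ws-02", "image": r"C:\Users\bob\AppData\Local\Temp\rar.exe",
     "cmdline": r"rar.exe a -hpEXAMPLE -r C:\out\files.rar @C:\out\list.txt"},
    {"host": "ws-03", "image": r"C:\Program Files\WinRAR\Rar.exe",
     "cmdline": r"Rar.exe a -pEXAMPLE D:\out.rar D:\docs"},
    {"host": "ws-04", "image": r"C:\Temp\rar.exe",
     "cmdline": r"rar.exe a -p- C:\out\x.rar @C:\out\list.txt"},
]

def assess(event):
    """Return the reasons an event resembles archive-based file encryption."""
    image = PureWindowsPath(event["image"])
    if image.name.lower() not in ARCHIVER_NAMES:
        return []
    reasons = []
    if PASSWORD_SWITCH.search(event["cmdline"]):
        reasons.append("password switch")
    if LIST_FILE_ARG.search(event["cmdline"]):
        reasons.append("list-file input")
    if not str(image.parent).lower().startswith(EXPECTED_DIRS):
        reasons.append("archiver outside install directory")
    # A password alone is ordinary use; require it plus one more signal.
    if "password switch" in reasons and len(reasons) >= 2:
        return reasons
    return []

def triage(events):
    """Map host -> reasons for every event worth an analyst's attention."""
    return {e["host"]: r for e in events if (r := assess(e))}

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(reasons))
```

Only the constructed `ws-02` event is flagged; the password-protected backup run from the install directory (`ws-03`) and the `-p-` invocation (`ws-04`) are not.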

Once the files are encrypted, the victim receives a warning message offering the password for the encrypted archive in exchange for $5000 (3900 euro). The attackers' main targets were Internet users in France and Spain.

Experts advise ArchiveLock victims not to pay the criminals, not to delete any files, and not to reinstall the operating system, but instead to seek professional help, for example from the free file recovery service created by Doctor Web.

Source http://www.anti-malware.ru/news/2013-03-15/11370